Randomly generated numbers are used to determine the outcomes of many gaming applications. For example, a randomly generated number may be used to derive a criterion or set of criteria. Entry information from each player is compared to the criterion or criteria to determine which player or players are winners. Examples of such gaming applications include, but are not limited to, slot machines, lottery systems, electronic raffle games and electronic bingo games.
Gaming applications using randomly generated numbers present several security challenges. First, the pseudo-random number generator algorithm used by many gaming applications is ultimately predictable. A pseudo-random number generator algorithm takes a seed value as input and provides a “random” number as output. If the nature and the current state (e.g. the current seed) of the algorithm is known, it is possible to predict the resulting “random” number. This means that a malicious actor with sufficient knowledge of the algorithm may predict the output of a pseudo-random number generator and improperly become a winner. Another security challenge involves making sure that a gaming application actually uses the proper randomly generated number to determine a winner or winners. For example, it is possible for a malicious actor to cause a gaming machine to discard a randomly generated number and instead use a predetermined number to determine a winner. In this manner, the malicious actor, or their associate, may improperly become a winner based on their knowledge of the predetermined number. This deception is difficult to detect, because it is difficult to distinguish a non-random number within a set of otherwise random numbers.
Existing devices address these problems with various approaches. For example, pseudo-random number generators are often run continuously, with each randomly generated number serving as a seed for the next iteration of the algorithm. When a request for a random number is received, the current output of the algorithm may be provided and used to determine the winner or winners. Because the pseudo-random number generator is running constantly, it is difficult to know the current state of the algorithm, and therefore difficult to predict its future state, particularly if the pseudo-random number generator is run at a relatively high rate of speed. Also, many gaming applications use algorithms that are burned onto chips. The chips are then certified by a third-party as containing the proper algorithm and installed into stand-alone gaming machines. Accordingly, the certified chips are unalterable without physically breaking into the gaming machines. These gaming machines may also be configured to be checked at any time to verify that the software running is the same as the software that has been certified. Another safety mechanism that may be used is an auditable random number generator. An auditable random number generator may provide random numbers that are unpredictable, yet auditable. Accordingly, it is possible, after the fact, to make sure that winners were determined based on the properly derived random number and not a maliciously inserted predetermined number. Example auditable random number generators include the FLEXdraw™ generator available from the GTECH Corporation® of Providence, R.I., and the Trusted Play™, Trusted Play+™, and Trusted Draw™ products available from Szrek2Solutions, LLC of East Greenwich, R.I.